
Windows IT Pro Blog

Windows Server Update Services (WSUS) deprecation

Nir_Froimovici
Former Employee
Sep 20, 2024

Editor's note 9.25.2024: This post has been updated to define deprecation and provide clarity on how this impacts WSUS.

As part of our vision for simplified Windows management from the cloud, Microsoft has announced deprecation of Windows Server Update Services (WSUS). Specifically, this means that we are no longer investing in new capabilities, nor are we accepting new feature requests for WSUS. However, we are preserving current functionality and will continue to publish updates through the WSUS channel. We will also support any content already published through the WSUS channel.

Deprecation refers to the stage in the product lifecycle when a feature or functionality is no longer in active development and may be removed in future releases. Each release of Windows Server adds new features and functionality; we also occasionally remove features and functionality, typically because we've added a better option. Deprecated features continue to work and are fully supported until they are officially removed, and we have no current plans of removing WSUS from in-market versions of Windows Server (including Windows Server 2025). Microsoft will continue to ensure that existing WSUS features work, and we will address issues as they arise. However, we do not plan to invest in new features going forward.

WSUS deprecation does not impact existing capabilities or support for Microsoft Configuration Manager. While the WSUS role remains available in Windows Server 2025, we recommend organizations transition to cloud tools, including Windows Autopatch and Microsoft Intune for client update management and Azure Update Manager for server update management.



Updated Sep 24, 2024
Version 2.0

143 Comments

  • DadP1070
    Copper Contributor

    Perfectly fair.  In my experience, having dealt with some of the third-party offerings, Ansible would be my choice, but not for everyone.

  • AaronM955
    Brass Contributor

    That's great if you have the time and resources to dedicate to Ansible.  Also, I'm not a fan of it.  It has its place but not at most small to medium sized businesses.

  • DadP1070
    Copper Contributor

    Work on a solution like Ansible to deliver agent-less updates across your networks.  Skip all the other third-party solutions (especially those with client agents), plus the benefit of one less thing in MS's cloud.

  • Please do not stop here Nir_Froimovici and teams.

    As a next step it would be great to bring driver and firmware update support, product categories to Azure Update Manager. Also 3rd party update support, and then a kind like Arc gateway to provide disconnected scenarios / DMZ.

    I might have a special opinion but I much appreciate this news. Being a long-term admin and later consultant with a specialty on Windows Client, Windows Server and also patch management via WSUS, this decision makes much sense to me, knowing about all the limitations and issues of WSUS, leaving alone Windows internal database.

    It testifies what we all felt about WSUS for the past decade, doesn't it?

    WSUS became a growing patchwork solution to deploy, administrate and optimize, to an unacceptable state without ajtek WAM, till today.

    Here is a blogpost of mine to learn more about deprecation in general and how to deal with it.

  • AaronM955
    Brass Contributor

    They just monetized patching.  Either do them all manually, invest in a third-party system, or increase your spend on M365 licensing in order to get the new tools.

  • Congratulations, you just made centralized automated patching subject to internal politics and budget constraints. I survived the era of Melissa, SQL Slammer, and other things that were solved when we no longer had to choose between paid patch management or trusting admins of every server to do the right thing. For those of you that did not live through that, buckle up!

    Granted, WSUS has been deprecated in spirit for well over a decade, so not much changes until it actually stops shipping.

  • 1. 5 USD per server per month??? Are you out of your mind?? I have 10000 VMs, each one by itself costs us less than that to run. There is no sense for us to double-triple our server spending just to get Windows updates. 

    2. What about disconnected infrastructures? How are they supposed to receive updates?

  • AndrewJimenez
    Brass Contributor

    While the WSUS role remains available in Windows Server 2025, we recommend organizations transition to cloud tools, including https://learn.microsoft.com/windows/deployment/windows-autopatch/overview/windows-autopatch-overview and https://learn.microsoft.com/mem/intune/fundamentals/what-is-intune for client update management and https://azure.microsoft.com/products/azure-update-management-center for server update management.


    And for organizations that are unable to transition to cloud tools? Plenty of organizations have environments that are unable to reach the internet, but still need to be patched. Are there solutions for these organizations?

  • AriLehtimaki
    Copper Contributor

    While AUM is nice, it is 5e/month/per server. We used to use Update Management in Azure Automation which was free, but it has been discontinued.